Call Search
     

New to Ham Radio?
My Profile

Community
Articles
Forums
News
Reviews
Friends Remembered
Strays
Survey Question

Operating
Contesting
DX Cluster Spots
Propagation

Resources
Calendar
Classifieds
Ham Exams
Ham Links
List Archives
News Articles
Product Reviews
QSL Managers

Site Info
eHam Help (FAQ)
Support the site
The eHam Team
Advertising Info
Vision Statement
About eHam.net

   Home   Help Search  
Pages: Prev 1 [2] 3 4 5 6 7 ... 16 Next   Go Down
  Print  
Author Topic: Once again whackers wanna screw up the hobby... Encryption  (Read 129970 times)
KD8GTP
Member

Posts: 57




Ignore
« Reply #15 on: June 28, 2013, 12:59:36 PM »

I thought I put a few people on ignore after the last ignorant thread, but I guess it didn't take.  Anyone using the term "whacker" is plain ignorant.  Just because you do not share the same interest, no matter how eccentric, does not mean someone is less of a person than you.  The only thing it shows, is that someone has some personal problems, and attempt to lash out at someone in an attempt to make themselves feel better. 

I don't call you guys wackers to make myself feel better. I do it because the shoe fits you very well Smiley

Patron Saint of the Wacker
Logged
AA4PB
Member

Posts: 12685




Ignore
« Reply #16 on: June 28, 2013, 01:45:38 PM »

"The HIPPA argument is fallacious"

Not exactly. 45CFR164.312(e) says that agencies must determine if encryption is needed to protect the data from unauthorized access. They must document their justification for NOT using encryption on data circuits. I expect that most entities would decide that they needed encryption on any network as open to public access as amateur radio. They will, as they should, normally error on the side of maximum security and the least potential for liability.

I see no reason that limited encryption could not be accommodated with a set of strict controls. Station ID should always be in the clear so that the FCC monitors can determine who is sending and receiving the encrypted data. The details will take some thought and discussion, but it can be done safely.

Logged
W9IQ
Member

Posts: 102




Ignore
« Reply #17 on: June 28, 2013, 02:18:18 PM »

Hi Bob,

That portion of the regulation is "addressable". The OCR has published specific guidance that modifications to a system that is "wireless or other emergency medical radio communications which can be intercepted by scanners" is not required. This is a prejudicial ruling on this issue and would preempt additional justification requirements. They only need to point to the OCR guidance. Would you agree?

Perhaps agencies are not following the published guidance or their consultants are over reaching?

I am still working on my opinion regarding encryption but I do intend to file comments with the FCC.

- Glenn W9IQ
Logged
K2GW
Member

Posts: 535


WWW

Ignore
« Reply #18 on: June 29, 2013, 04:36:35 AM »

Concur with Jim.  I work in information security and encryption for the Pharmaceutical Industry.

HIPAA is one of of the most misused laws ever written, typically by folks wishing to spread fear uncertainty and doubt (FUD) to advance their own agenda.

HIPPA does NOT require radio encryption. It specifically EXCLUDES radio communications and additionally specifically EXCLUDES emergencies. Thus Amateur Radio is excluded from needing encryption for medical/patient data on TWO different grounds.   For more detail, see why even radio services used to dispatch EMS are excluded from HIPAA:

http://www.911dispatch.com/info/hipaa_position.pdf


Logged
AF5CC
Member

Posts: 822




Ignore
« Reply #19 on: June 29, 2013, 10:49:26 AM »

HIPAA is one of of the most misused laws ever written, typically by folks wishing to spread fear uncertainty and doubt (FUD) to advance their own agenda.

I will definitely agree with this. I would like to see where the "right to privacy" is found in the US Constitution.

John AF5CC
Logged
AA4PB
Member

Posts: 12685




Ignore
« Reply #20 on: June 29, 2013, 12:08:48 PM »

Glenn, you appear to be correct concerning wireless encryption. I found this in the OCR:

For example, the Privacy Rule does not require the following types of structural or systems changes:

•Encryption of wireless or other emergency medical radio communications which can be intercepted by scanners.

•Encryption of telephone systems.

Probably some of the legal consultants for served agencies are telling them to encrypt everything just to be on the safe side. Given the OCR, certainly they can easily justify plain text for occasional emergency communications via amateur radio.
Logged
KS4VT
Member

Posts: 141




Ignore
« Reply #21 on: June 29, 2013, 03:14:54 PM »

This is my filing from a few days ago....it also references the site that notes that HIPAA does not require encryption for radio communications.

http://apps.fcc.gov/ecfs/comment/view?id=6017454970
Logged
KE4YOG
Member

Posts: 182




Ignore
« Reply #22 on: June 29, 2013, 04:20:56 PM »

AF5CC I have been looking for that "right" for a long time also.
Logged
KE2EB
Member

Posts: 26




Ignore
« Reply #23 on: July 02, 2013, 10:31:27 AM »

NWO Paranoia Whackers with thier'spy spy identify'  deceptive Trickeries. shame shame.-ke2eb george.
Logged
LA9XSA
Member

Posts: 376




Ignore
« Reply #24 on: July 03, 2013, 01:33:11 AM »

FCC rules part 97 says
Quote
No provision of these rules prevents the use by an amateur station of any means of radiocommunication at its disposal to provide essential communication needs in connection with the immediate safety of human life and immediate protection of property when normal communication systems are not available.

Part 97 rules also state:
§ 97.113 Prohibited transmissions.
(a) No amateur station shall transmit:
(4) ...messages encoded for the purpose of obscuring
their meaning...

This is the part that the rulemaking addresses, simply because this is the part that prohibits encryption.
You've failed to notice that 97.113 also prohibits transmissions where the communicator gets paid for operating, i.e. uses amateur radio "on the clock". The exception in 97.113 to this rule only applies to TESTS and DRILLS, because the exception in 97.403 (my quote) is sweeping - it says "No provision" in part 97 prevents essential communication needs in a communications emergency. Thus no other exceptions need to be written in for real communications emergencies - 97.403 already takes care of it - and if you want a new exception for encryption it only needs to address tests and drills.

97.113 also incorporates all other prohibitions in part 97 by reference "Communications specifically prohibited elsewhere in this part", so by your reading of the rules, 97.403 might as well not exist at all. Well, it does, and past prescedent shows that the FCC agrees with me about what 97.403 means - it overrules every other rule in part 97 that stands in the way of essential communications needs in a communications emergency.

Sad to see that K1CJS is so set in his ways that rather than consult with some legal expertise or listen to second opinions he puts you on ignore. Some of his posts have been helpful in the past after all.
Your interpretation isn't valid, since any encrypted transmission wouldn't get through anyway if a non-encrypted, regular transmission will not.  
The question that would be if the need to save the life and health of a patient, as well as keeping as much patient privacy as possible, when all other ways of communication have failed, are essential needs. They are.

The OCR has published specific guidance that modifications to a system that is "wireless or other emergency medical radio communications which can be intercepted by scanners" is not required. This is a prejudicial ruling on this issue and would preempt additional justification requirements. They only need to point to the OCR guidance. Would you agree?

Yeah, if the patient's life and safety depends on it, you may have to transmit some data in the clear, violating the patient's privacy to save the patient's life. However, knowing that the information will be transmitted in the clear, and that people are listening, will cause some "self censorship" where the responders try to only transmit the information which is absolutely necessary for the ambulance crew to know about. If facilities for encryption are in place, more information could be transmitted quicker, forming a more detailed picture for responders - or it could let extracts of patient data be sent between medical facilities in preparation for a full evacuation of a hospital for example.

The OCR guidance seems to be more applicable to that situation of dispatch to ambulance communications, than an event where large amounts of patient data need to be sent.

Let's say your served agency is a hospital, and they have to send their patients to other unaffected facilities, and amateur radio is their one and only link to the rest of the world. Using digital encrypted communications, they could send a list of patients with essential medication lists, diagnosis and allergies, to help find the right facility to send the patients to. The whole patient medical record could be sent by physical means such as harddrives - if the hospital is going to be wiped out, then evacuate the harddrives too, or wait until the off-site backups can be brought to bear - but the radioed data and perhaps a summary paper sheet physically following the patient, should tide us over until the backups are ready.
« Last Edit: July 03, 2013, 01:37:01 AM by LA9XSA » Logged
K1CJS
Member

Posts: 5879




Ignore
« Reply #25 on: July 03, 2013, 05:06:59 AM »

I've been looking through this thread again, and the one thing that jumped out at me this time (I'll admit that it didn't occur to me before) is that there is one thing that hasn't really been pointed out.  I've realized this from the reading (and posting) I've done to the article on the homepage of this site. 

So, I will concede that the use of encryption is allowable on the ham bands--as long as the encryption key is published and freely available beforehand to anyone who wants to copy the transmission. 

The crux of this filing is that these applicants want to allow encryption without that one thing being done, and that is something that amateur radio does not need--or that most ham operators do not want.  The applicant wants to change the rules to be permitted to keep that encryption key secret from anyone who is monitoring their transmissions.  THAT is the one thing that makes all the difference about this filing.

Realization of that one difference will serve to partially solve some of the arguments going on here in this thread. 
Logged
K7RBW
Member

Posts: 386




Ignore
« Reply #26 on: July 03, 2013, 06:41:30 AM »

Let's say your served agency is a hospital, and they have to send their patients to other unaffected facilities, and amateur radio is their one and only link to the rest of the world.
(emphasis mine)

How did they let themselves get into a situation where amateur radio was the only link to the rest of the world? Bad (cheap) planning? I'm guessing if that's the situation, things will be so bad everywhere else that monitoring hospital comms in hopes of finding a juicy morsel of gossip (which in the US, IIRC, is already illegal under the communications act of 1934), will be the last thing on people's minds. I.e. the threat to anyone's harm due to plain-text comms is minimal to imaginary.

The part i have a problem with is using the "when all else fails" argument to justify a change to standard practice. It's saying that hospitals don't need to make other contingency plans because they can just use amateur radio in an emergency (which, so far, is fine). But, they add that because of their special data requirements, they need to change the normal use of amateur radio (to enable encryption) to make the amateur service a viable option to use when all else fails, which is where it crosses the line. If they have special needs,  they need to consider those when making contingency plans--i.e. develop backup systems that can accommodate those special needs, not take over another radio service.

As others have pointed out, in a life-or-death emergency, the hospital (or anyone else) can use encrypted radios on amateur freqs already. In a non-emergency, there are other radio services that can accommodate those requirements. If encrypted transmissions aren't even a requirement, where's the [real] need? (I should probably file my opinion with the FCC).

To KS4VT, that's an excellent and articulate response!
« Last Edit: July 03, 2013, 06:52:07 AM by K7RBW » Logged
K1CJS
Member

Posts: 5879




Ignore
« Reply #27 on: July 03, 2013, 08:21:35 AM »

The way things are today, most hospitals have several different possible links to the outside world, including (but not limited to) land line telephones, two way medical radio, two way business radio, satellite dishes for internet and telephone communicating along with their regular T-1 connections through the phone company, local cable tie-ins for television, internet and back-up phone and so on.  To even believe that they do not have back-ups is ludicrous in the extreme--in some cases they're required BY LAW to have them!

The only possible exception to that are the small ten or twenty bed 'community' type hospitals in rural areas, and even then, they have back-up communications capabilities--without having to rely on ham radio at all.
Logged
AA4PB
Member

Posts: 12685




Ignore
« Reply #28 on: July 03, 2013, 09:25:51 AM »

Then there is no longer any need for ham radio to be involved at all in emergency communications. Personally, I don't know because I haven't done a survey of all the hospitals, their communications requirements, or their current capabilities. I would think that should be a starting point for determining if/how amateur radio should be involved.

Logged
K1CJS
Member

Posts: 5879




Ignore
« Reply #29 on: July 03, 2013, 12:31:54 PM »

There may be a small need in rural areas, but not in cities or suburbia.
Logged
Pages: Prev 1 [2] 3 4 5 6 7 ... 16 Next   Go Up
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!